Pushmi depends on memcached to deal with locking of the
repository.  I'm not really comfortable with the lack of security (in
this application) of the current Debian version of memcached;
essentially anyone on the same host has access to the daemon.
Probably it is difficult to do much worse than a denial of service
attack, but better to be cautious.  The next upstream release of
memcached (1.2.4?) should include better support for unix domain
sockets, at which point I plan to move forward with the packaging of
pushmi.

The patch to memcached, along with some startup changes, can be found
in the BTS

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446606





